CERT/CC Vulnerability Note VU#981134

Overview

Various Linux USB drivers contain an information disclosure vulnerability that may expose sensitive segments of kernel memory to users.

Description

USB drivers for several versions the Linux kernel do not properly initialize kernel memory before using it. When an affected USB driver copies uninitialized memory from kernel space to user space (with the copy_to_user function), the previous kernel memory contents will be copied as well. In some cases, this will grant a user inappropriate access to sensitive segments of kernel memory.

Impact

Users may be able to view sensitive segments of kernel memory.

Solution

Check with Vendor

Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take.

Upgrade to Unaffected Build of the Linux Kernel

Users are encouraged to upgrade to an unaffected build of the Linux kernel.

Vendor Information

981134

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Gentoo Linux Affected

Updated: August 30, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SuSE Inc. Affected

Notified: October 22, 2004 Updated: October 25, 2004

Status

Affected

Vendor Statement

According to SusE "We will release updates for those bugs together with one of our next kernel security updates".

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ingrian Networks Not Affected

Notified: October 22, 2004 Updated: October 22, 2004

Status

Not Affected

Vendor Statement

Ingrian Networks products are not vulnerable to this issue as they do not contain USB drivers.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Connectiva Unknown

Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian Unknown

Notified: October 22, 2004 Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Engarde Unknown

Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company Unknown

Notified: October 22, 2004 Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM eServer Unknown

Notified: October 22, 2004 Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM-zSeries Unknown

Notified: October 22, 2004 Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Immunix Unknown

Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MandrakeSoft Unknown

Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software Unknown

Notified: October 22, 2004 Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell Unknown

Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux Unknown

Notified: October 22, 2004 Updated: October 25, 2004

Status

Unknown

Vendor Statement

The default Linux kernel image on Openwall GNU/*/Linux (Owl) 1.1 CDs is not affected by this issue since USB support is not compiled in. Custom kernel builds, however, could be affected, depending on options used. This has been corrected in Owl-current and Owl 1.1-stable on August 15, 2004 with the update to Linux 2.4.27-ow1. More importantly, his update also corrects a number of other Linux kernels vulnerabilities which have similar prerequisites and impact (e.g., CVE CAN-2004-0415).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc. Unknown

Notified: October 22, 2004 Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SCO Unknown

Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sequent Unknown

Notified: October 22, 2004 Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems Inc. Unknown

Notified: October 22, 2004 Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

TurboLinux Unknown

Notified: October 22, 2004 Updated: October 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

View all 19 vendors View less vendors

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
http://securityfocus.com/advisories/7104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685
http://www.osvdb.org/displayvuln.php?osvdb_id=9273
http://www.securitytracker.com/alerts/2004/Aug/1011078.html

Acknowledgements

This vulnerability was reported by Tim Yamin.

This document was written by Jeff Gennari.

Other Information

CVE IDs:	CVE-2004-0685
Severity Metric:	0.48
Date Public:	2004-08-25
Date First Published:	2004-10-22
Date Last Updated:	2004-10-25 15:05 UTC
Document Revision:	153

About vulnerability notes
Contact us about this vulnerability
Provide a vendor statement

Software Engineering Institute

CERT Coordination Center

Linux kernel USB drivers do not initialize kernel memory properly

Vulnerability Note VU#981134

Overview

Description

Impact

Solution

Vendor Information

Gentoo Linux Affected

SuSE Inc. Affected

Ingrian Networks Not Affected

Connectiva Unknown

Debian Unknown

Engarde Unknown

Hewlett-Packard Company Unknown

IBM eServer Unknown

IBM-zSeries Unknown

Immunix Unknown

MandrakeSoft Unknown

MontaVista Software Unknown

Novell Unknown

Openwall GNU/*/Linux Unknown

Red Hat Inc. Unknown

SCO Unknown

Sequent Unknown

Sun Microsystems Inc. Unknown

TurboLinux Unknown

CVSS Metrics

References

Acknowledgements

Other Information

Contact CERT/CC